CVE-2010-1636

The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfsfunctionality in the Linux kernel 2.6.29 through 2.6.32, and possibly otherversions, does not ensure that a cloned file descriptor has been opened forreading, which allows local users to read sensitive information from awrite-only file descriptor.